Promotic

Web - tab of the PmaWeb object

Description:
Setting basic TCP/IP parameters of the PROMOTIC Web.
Configurators:
Network interface IP address
Defines the address of the network interface (network adapter) used for accepting Web server requests.
All network interfaces (default) - The Web server accepts requests through all network interfaces of the computer, i.e. via all physical network adapters, virtual network adapters (VPN, etc.) and the local interface of the computer (localhost, i.e. 127.0.0.1).
Local network interface (localhost) - The Web server accepts requests only via the local network interface (localhost, i.e. 127.0.0.1).
In this case the Web server accepts no requests from network interfaces. The local network interface is accessible only to applications running on the same computer as the Web server.
Specific network interface - The Web server accepts requests only from a specific network interface (e.g. from a particular network card).
The network interface address is entered only in numerical form (e.g. 192.168.1.1) - nominal addresses cannot be used in this case.
In this case the Web server accepts requests neither from other network interfaces nor from the local network interface.
This option is especially useful when the computer is equipped with multiple network cards and the Web must be accessible through only one of them.
Port TCP/IP
Number of the TCP/IP port on which the Web server accepts requests. Standard value for HTTP is 80 and for HTTPS is 443.
This configurator sets the initial value of the Port property.
Macro expression can be used for input (it is evaluated after the application is launched).
If the port value is already used by another Web server (e.g. by Apache, IIS, etc.), then it is necessary to enter a different value (e.g. 85). After Windows OS installation, port 80 is often taken by the "Publish on Web" service. If you do not need this service, then disable it and free this port.
Web server type
The configurator specifies the Web server type.
The Web server of the "HTTP internal" type is integrated in the PROMOTIC system by default and it is not necessary to configure it.
The Web server of the "HTTP(S) service" type is a part of all recent Windows OS (do not confuse it with IIS, it is not a real independent Web server) and the PROMOTIC can use it. The configuration may be more difficult (see the supplied utility PmHttpConfig.exe), but the performance is higher and the secure HTTPS protocol is available.
http internal (default) - The PROMOTIC system uses its own integrated Web server that is implemented directly over the communication sockets. The most important advantage is that it does not have to be additionally configured in Windows OS.
http service - The PROMOTIC system uses the HTTP service that is a part of all recent Windows OS as a Web server (do not confuse it with IIS, it is not a real independent Web server). The configuration may be more difficult, but the performance is higher and the secure HTTPS protocol is available. The HTTP service of the Windows OS is configured for use by the PROMOTIC Web server with the utility PmHttpConfig.exe.
https service - Based on the HTTP service, so the information for the previous option "http service" applies here as well. The secure HTTPS protocol differs from the unsecured HTTP protocol mainly in that the communication is encrypted (SSL) and the server identity is verified by the certificate (CN digital signature). This eliminates the possibility of data tapping and of a forged Web server posing as the real one. The PmHttpConfig.exe utility is used for configuration, including the certificate management.
Number of worker threads
Default Web file address
If the client enters the address only in the shortened form: //ComputerName, then the request is automatically routed to the specified address.
default.htm is set by default, which means that the request is routed to the address http://ComputerName/default.htm, the page containing the list of Web components with references to them.
The entered address can even be compound, for example alarms/default.htm - in this case this request is routed to the "alarms" component.
Most frequently, the default address leads to the main application workspace (to the PmaWorkspace object). The address entered here can be: workspace/main.htm.
Default language
Selects the language in which Web components are displayed. Web components not registered into the PmaWebLang object are displayed using the selected language.
by runtime - According to the language defined in the "Main language of runtime" configurator (according to setting of the Pm.RtLang property).
en,de,ru,cs,sk,pl,.. - Specific language selection. Only the languages registered in the "All used languages" configurator can be selected.
Small timeout (max. time for receiving/sending one part of long request) (s)
When receiving/sending a long request, the request (communication message) is separated into several small parts.
The small timeout specifies the maximum allowed time for receiving/sending one part of the long request.
The default value is 10 s.
Big timeout (max. time for receiving + processing + sending the whole request) (s)
The big timeout specifies the maximum time for receiving, processing and sending the whole request.
This is the maximum allowed time from receiving the first part of the request to sending the last part of the request.
The default value is 30 s.
Delay between requests or between parts of long request
Enables/disables inserting a delay between requests.
When receiving a long request consisting of several parts, a delay is inserted between the individual received parts of the request.
When sending a long request consisting of several parts, a delay is inserted between every transmitted part of the request.
It means that a short request with a short response (receiving the request in one part, and sending the response in one part) includes one delay, namely after sending (serves for separation of various requests).
Delay [ms]
The size of the inserted delay in milliseconds. The precision is about 10 ms.
Strict mode of network users login into the application requiring the use of both name and password
Enables/disables the strict login mode of the network users.
It is recommended to use the strict mode because in this mode the application behavior is simpler and unambiguous.
The configurator specifies the behavior of the PROMOTIC Web server for network requests without the name and password.
See Strict and non-strict login policy.
Extended configuration
Allows setting additional values for the Web server.
Entries are in the KeyVal format.
For example Authentication:Digest;HttpHeaders:{0:{Name:Cross-Origin-Resource-Policy;Value:same-site;};1:{Name:Content-Security-Policy;Value:frame-ancestors 'self';};};CorsOrigins:*;

Authentication - Authentication type of PROMOTIC or Windows Web client user (browser). See the "Users" tab. For example Authentication:Digest;
Basic (default) - Authentication of PROMOTIC users. The names and passwords in the HTTP headers are only encoded in Base64, not encrypted, and can therefore be detected.
Digest - Authentication of PROMOTIC users. Instead of the password, the HTTP headers contain only the password hash (i.e. Digest), so the password cannot be detected. The hash is of the MD5 type.
Windows.NTLM - Authentication of Windows users in the domain that is executed directly by the browser. This authentication is suitable for intranets in enterprise networks where all users log into a domain.
The browser either prompts the user to enter the name and the password in the domain and completes the Windows authentication, or the browser uses the currently logged-in Windows user for authentication. The browser then sends to the Web server only the encrypted security token, which the Web server uses to authenticate the browser user in the domain.
In order to have the Windows Web user authentication working properly, the Enable Windows authentication (Windows users) option must be enabled and the corresponding Windows user groups must be entered into user groups.

HttpHeaders - An array of headers for the Web server that will be added to each response.
Entries are in the KeyVal format, in a form representing an array.
Each header for the Web server contains Name and Value.
For example HttpHeaders:{0:{Name:Cross-Origin-Resource-Policy;Value:same-site;};1:{Name:Content-Security-Policy;Value:frame-ancestors 'self';};};
 
An example of recommended headers for increased security of the Web application:
Cross-Origin-Resource-Policy: same-site - Provides protection against requests from other sources.
Content-Security-Policy: frame-ancestors 'self' - Provides protection against embedding the Web page into another Web page from another source (Clickjacking).

CorsOrigins - (CORS - Cross-Origin Resource Sharing)
Enables/disables HTTP requests for data whose Origin (protocol+domain+port) is different from the Origin of the HTML page that requests the data.
This mechanism is activated only if the Origin of the HTML page and the Origin of the data page (JSON, XML) are different (different Web servers).
This value needs to be set in the PROMOTIC application that provides data to the Web (JSON, XML) when such data is read from an HTML page of another application.
For example in the following cases:
1) One PROMOTIC application provides HTML pages of the panel. The XMLHttpRequest object is in this panel (see Preconfigurations in group "HTTP - XML, JSON, CSV, SOAP, text") that gets data from another PROMOTIC application.
2) Trend viewer (the PmgTrendViewer object) in one PROMOTIC application views trends from another PROMOTIC application (if the "Server" configurator is set to 2 - Connect trends on another Web address).


"" (default) - If the key is not present or its value is an empty string "", then CORS is disabled.
For example CorsOrigins:;
* - If the value is a string containing the * character then the CORS is enabled for all Origins.
For example CorsOrigins:*;
origin1,origin2,... - A list of all enabled Origins (separated by comma).
For example CorsOrigins:https://www.example.com,https://www2.example.com;
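An added example, not part of the PROMOTIC documentation or product: a Python check that parses an "Extended configuration" string and reports a Basic authentication setting, missing recommended headers and a CorsOrigins value that enables all Origins. The function names parse_keyval and audit are hypothetical, and the parser assumes only the KeyVal subset visible in the examples above (Key:Value; pairs and nested {...} blocks, no escaping).

```python
# Added example: parse_keyval/audit are hypothetical helpers, not PROMOTIC APIs.
# Assumed grammar: Key:Value; pairs and nested {...} blocks, no escaping.
RECOMMENDED = {  # the headers this page recommends
    "cross-origin-resource-policy": "same-site",
    "content-security-policy": "frame-ancestors 'self'",
}

def parse_keyval(text, pos=0):
    """Return (dict, next_pos); stops at the '}' that closes a nested block."""
    out = {}
    while pos < len(text) and text[pos] != "}":
        colon = text.index(":", pos)          # key ends at the first ':'
        key = text[pos:colon].strip()
        pos = colon + 1
        if text.startswith("{", pos):         # nested block, e.g. HttpHeaders
            value, pos = parse_keyval(text, pos + 1)
            if not text.startswith("}", pos):
                raise ValueError("unclosed '{' for key " + key)
            pos += 1
        else:                                 # plain value runs to the next ';'
            end = text.index(";", pos)
            value, pos = text[pos:end], end
        if not text.startswith(";", pos):
            raise ValueError("missing ';' after key " + key)
        pos += 1
        out[key] = value
    return out, pos

def audit(config):
    """Return a list of findings for one Extended configuration string."""
    cfg, _ = parse_keyval(config)
    findings = []
    if cfg.get("Authentication", "Basic") == "Basic":  # Basic is the default
        findings.append("Authentication is Basic: credentials are only Base64-encoded")
    headers = {h["Name"].lower(): h["Value"] for h in cfg.get("HttpHeaders", {}).values()}
    for name, value in RECOMMENDED.items():
        if headers.get(name) != value:
            findings.append("recommended header not set: %s: %s" % (name, value))
    if "*" in cfg.get("CorsOrigins", ""):
        findings.append("CorsOrigins allows every Origin")
    return findings

PAGE_EXAMPLE = (  # the example string from this page
    "Authentication:Digest;HttpHeaders:{0:{Name:Cross-Origin-Resource-Policy;"
    "Value:same-site;};1:{Name:Content-Security-Policy;"
    "Value:frame-ancestors 'self';};};CorsOrigins:*;")
STRICT = PAGE_EXAMPLE.replace("CorsOrigins:*;", "CorsOrigins:https://www.example.com;")  # constructed

if __name__ == "__main__":
    print(audit(PAGE_EXAMPLE), audit(STRICT), audit("CorsOrigins:;"))
```

The page's own example string yields one finding (the CorsOrigins value); the constructed variant with an explicit Origin list yields none.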
Note:
If the port value is 80 for HTTP or 443 for HTTPS (i.e. the standard value), then in the Web browser the URL address of the component is:
http://ComputerName/ComponentId

Otherwise (for example if Port=84):
http://ComputerName:84/ComponentId

History:
Pm9.00.15: New option Windows.NTLM for Windows authentication.
Pm9.00.11: New "Extended configuration" configurator with the option HttpHeaders.
PROMOTIC 9.0.27 SCADA system documentation MICROSYS, spol. s r.o.
